Auditing Level (QAUDLVL)
The Auditing Level (QAUDLVL) system value along with the QAUDLVL2 system value determines which security-related events are logged to the security audit journal (QAUDJRN) for all system users.
You can specify more than one value for the QAUDLVL system value, unless you specify *NONE.
For the QAUDLVL system value to take effect, the QAUDCTL system value must include *AUDLVL.
Note: This system value
is a restricted value. See Security
system values for details on how to restrict changes to security system
values and a complete list of the restricted system values.
| *NONE | No events controlled by the QAUDLVL or QAUDLVL2 system values are logged. Events are logged for individual users based on the AUDLVL values of user profiles. |
| *NOTAVL | This value is displayed to indicate that the system value is not available to the user because the user does not have either *AUDIT or *ALLOBJ special authority. The system value cannot be set to this value. |
| *AUDLVL2 | Both QAUDLVL and QAUDLVL2 system values will be used to determine the security actions to be audited. |
| *ATNEVT | Attention events are logged. |
| *AUTFAIL | Authority failure events are logged. |
| *CREATE | Object create operations are logged. |
| *DELETE | Object delete operations are logged. |
| *JOBBAS | Job base functions are audited. |
| *JOBCHGUSR | Changes to a thread's active user profile or its group profiles are audited. |
| *JOBDTA | Actions that affect a job are logged. *JOBDTA is composed of two values, which are *JOBBAS and *JOBCHGUSR, to enable you to better customize your auditing. If both of the values are specified, you will get the same auditing as if just *JOBDTA is speicified. |
| *NETBAS | Network base functions are audited. |
| *NETCLU | Cluster and cluster resource group operations are audited. |
| *NETCMN | Network and communication functions are audited.
*NETCMN is composed of several values to enable you to better customize
your auditing. The following values make up *NETCMN:
*NETBAS |
| *NETFAIL | Network failures are audited. |
| *NETSCK | Socket tasks are audited. |
| *OBJMGT | Object move and rename operations are logged. |
| *OFCSRV | Changes to the system distribution directory and office mail actions are logged. |
| *OPTICAL | Use of Optical Volumes is logged. |
| *PGMADP | Obtaining authority from a program that adopts authority is logged. |
| *PGMFAIL | System integrity violations are logged. |
| *PRTDTA | Printing a spooled file, sending output directly to a printer, and sending output to a remote printer are logged. |
| *SAVRST | Save and restore operations are logged. |
| *SECCFG | Security configuration is audited. |
| *SECDIRSRV | Changes or updates when doing directory service functions are audited. |
| *SECIPC | Changes to interprocess communications are audited. |
| *SECNAS | Network authentication service actions are audited. |
| *SECRUN | Security run time functions are audited. |
| *SECSCKD | Socket descriptors are audited. |
| *SECURITY | Security-related functions are logged. *SECURITY
is composed of several values to enable you to better customize your auditing.
The following values make up *SECURITY:
*SECCFG |
| *SECVFY | Use of verification functions are audited. |
| *SECVLDL | Changes to validation list objects are audited. |
| *SERVICE | Using service tools is logged. |
| *SPLFDTA | Actions performed on spooled files are logged. |
| *SYSMGT | Use of systems management functions is logged. |